[Original] Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat 5.0.5 and Acrobat Reader, and possibly other versions, allows remote attackers to execute arbitrary code via a URI for a PDF file with a null terminator (%00) followed by a long string.

-
Vulnerability Description

A remote overflow exists in Adobe Acrobat Reader. Acrobat Reader's ActiveX component, pdf.ocx, fails to perform bounds checking on long URI strings, resulting in a buffer overflow within RTLHeapFree(). With a specially crafted request, an attacker can execute arbitrary code, resulting in a loss of confidentiality and integrity.

-
Timeline

Disclosure date: 2004-08-13

Discovery date: Unknown

Exploit date: 2004-08-13

Resolution date: Unknown

-
Solution

Upgrade to version 6.0.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

-
Unaffected Software Versions

Adobe Reader 6.0.2
Adobe Acrobat 6.0.2

-
Vulnerability Discussion

The Adobe Acrobat/Acrobat Reader ActiveX control (pdf.ocx) is reported prone to a heap-based buffer overrun vulnerability. The issue presents itself due to a lack of sufficient boundary checking performed on the URI data of GET requests.

It is reported that Microsoft IIS and Netscape Enterprise servers employ NULL bytes as URI terminators and so these HTTP servers may be used to launch an attack.

When a malicious URI is followed, the URI is copied into heap-based memory of the affected software without sufficient boundary checks. This results in heap-based memory management chunks being trampled by attacker-supplied URI data.

Ultimately this vulnerability may be exploited by a remote attacker to execute arbitrary code in the context of the user who is running the vulnerable software.
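
A server-side check for the request pattern described above, as an added example that is not part of the original advisory: it scans web access-log lines for a `.pdf` URI followed by `%00` and a long tail. The Common Log Format input, the function names and the 256-character threshold are assumptions; the advisory only says "a long string".

```python
import re

# Request field of a Common/Combined Log Format line: "METHOD URI PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
# ".pdf" immediately followed by an encoded NULL byte, then the trailing data
PDF_NULL_RE = re.compile(r'\.pdf%00(.*)$', re.IGNORECASE)

# Assumption: the advisory gives no length; 256 is a triage threshold only
DEFAULT_MIN_TAIL = 256


def inspect_uri(uri, min_tail=DEFAULT_MIN_TAIL):
    """Return the length of the data after '.pdf%00' if >= min_tail, else None."""
    match = PDF_NULL_RE.search(uri)
    if not match:
        return None
    tail_len = len(match.group(1))
    return tail_len if tail_len >= min_tail else None


def scan_access_log(lines, min_tail=DEFAULT_MIN_TAIL):
    """Return a list of (line_number, client, tail_length) for flagged requests."""
    hits = []
    for number, line in enumerate(lines, start=1):
        request = REQUEST_RE.search(line)
        if not request:
            continue  # not a parsable request line
        tail_len = inspect_uri(request.group(1), min_tail)
        if tail_len is not None:
            client = line.split(" ", 1)[0]  # first CLF field is the client address
            hits.append((number, client, tail_len))
    return hits


# Constructed sample log lines (not taken from a real server)
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Aug/2004:10:00:00 +0000] "GET /docs/manual.pdf HTTP/1.1" 200 51234',
    '192.0.2.11 - - [13/Aug/2004:10:00:05 +0000] "GET /docs/manual.pdf%00'
    + "A" * 1024 + ' HTTP/1.1" 200 51234',
    '192.0.2.12 - - [13/Aug/2004:10:00:09 +0000] "GET /docs/manual.pdf%00x HTTP/1.1" 200 51234',
]

if __name__ == "__main__":
    for number, client, tail_len in scan_access_log(SAMPLE_LOG):
        print(f"line {number}: {client} sent {tail_len} characters after .pdf%00")
```

Hits on a server that hosts PDF files indicate requests worth correlating with clients still running an Acrobat or Reader version older than 6.0.2.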

-
Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

-
Solution

Adobe has released the Adobe Reader 6.0.2 update to address this issue. This update is available for Windows and requires Adobe Reader 6.0.1 to be installed.